Configure Authentication For The Access Methods You Want Radius To Protect - ProCurve 2610 Manual

out on a server that is unavailable. If you want to use this feature,
select a dead-time period of 1 to 1440 minutes. (Default: 0—disabled;
range: 1 - 1440 minutes.) If your first-choice server was initially
unavailable, but then becomes available before the dead-time expires,
you can nullify the dead-time by resetting it to zero and then trying to
log on again. As an alternative, you can reboot the switch, (thus
resetting the dead-time counter to assume the server is available) and
then try to log on again.
• Number of Login Attempts: This is an aaa authentication command.
It controls how many times in one session a RADIUS client (as well
as clients using other forms of access) can try to log in with the correct
username and password. (Default: Three times per session.)
(For RADIUS accounting features, refer to "Configuring RADIUS Accounting"
on page 5-26.)
1. Configure Authentication for the Access Methods
You Want RADIUS To Protect
This section describes how to configure the switch for RADIUS authentication
through the following access methods:
■ Console: Either direct serial-port connection or modem connection.
■ Telnet: Inbound Telnet must be enabled (the default).
SSH: To employ RADIUS for SSH access, you must first configure the
■
switch for SSH operation. Refer to "Configuring Secure Shell (SSH)"
on page 7-1.
Web: Web browser interface.
■
You can configure RADIUS as the primary password authentication method
for the above access methods. You will also need to select either local or none
as a secondary, or backup, method. Note that for console access, if you
configure radius (or tacacs) for primary authentication, you must configure
local for the secondary method. This prevents the possibility of being com­
pletely locked out of the switch in the event that all primary access methods
fail.
RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication
5-9